Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
windows security alert trojaner virus

windows security alert trojaner virus


Log-Analyse und Auswertung: windows security alert trojaner virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.05.2011, 19:35   #1
fred.werk
 
windows security alert trojaner virus - Standard

windows security alert trojaner virus


hier der LOG:

Code:
ATTFilter
ComboFix 11-05-16.01 - Andi 16.05.2011  19:45:34.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2013.623 [GMT 2:00]
ausgeführt von:: c:\users\Andi\Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 24 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\malacuxatx.exe
c:\malacuxatx.exe\config.bin
c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.3\config.ini
c:\program files\Dealio Toolbar\IE\4.3\deALiotoolbarie.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\2.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\Andi\AppData\Local\{AD7E98CB-9B59-4CF0-9BE4-C27EC5A6AED5}
c:\users\Andi\AppData\Local\{AD7E98CB-9B59-4CF0-9BE4-C27EC5A6AED5}\chrome.manifest
c:\users\Andi\AppData\Local\{AD7E98CB-9B59-4CF0-9BE4-C27EC5A6AED5}\chrome\content\_cfg.js
c:\users\Andi\AppData\Local\{AD7E98CB-9B59-4CF0-9BE4-C27EC5A6AED5}\chrome\content\overlay.xul
c:\users\Andi\AppData\Local\{AD7E98CB-9B59-4CF0-9BE4-C27EC5A6AED5}\install.rdf
c:\users\Andi\AppData\Local\lame_enc.dll
c:\users\Andi\AppData\Local\mwsautSp.exe
c:\users\Andi\AppData\Local\no23xwrapper.dll
c:\users\Andi\AppData\Local\ogg.dll
c:\users\Andi\AppData\Local\vorbis.dll
c:\users\Andi\AppData\Local\vorbisenc.dll
c:\users\Andi\AppData\Local\vorbisfile.dll
c:\users\Andi\AppData\Roaming\avdrn.dat
c:\users\Andi\AppData\Roaming\Fegyo
c:\users\Andi\AppData\Roaming\Fegyo\suohe.exe
c:\users\Andi\AppData\Roaming\Loozs
c:\users\Andi\AppData\Roaming\Loozs\omeh.exe
c:\users\Andi\AppData\Roaming\Polar\mili.exe
c:\windows\system32\f3PSSavr.scr
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-16 bis 2011-05-16  ))))))))))))))))))))))))))))))
.
.
2011-05-16 18:11 . 2011-05-16 18:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-15 11:55 . 2011-05-15 11:56	--------	d-----w-	c:\users\Andi\AppData\Local\{B5EFD50F-51DB-4268-9000-F710A4FDC0A6}
2011-05-14 11:49 . 2011-05-14 14:01	--------	d-----w-	C:\_OTL
2011-05-14 03:40 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2011-05-13 19:25 . 2011-02-18 05:33	31232	----a-w-	c:\windows\system32\prevhost.exe
2011-05-13 19:25 . 2011-03-12 11:31	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-05-13 19:25 . 2011-02-26 05:33	2614784	----a-w-	c:\windows\explorer.exe
2011-05-13 19:19 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEE1C856-46CA-42AC-A44F-608816746E44}\mpengine.dll
2011-05-13 18:30 . 2009-07-13 23:45	6144	----a-w-	c:\windows\system32\beep.sys
2011-05-10 16:18 . 2011-05-10 16:18	--------	d-----w-	c:\users\Andi\AppData\Local\{EF113030-CAF6-4AA0-80ED-D8790A2F0D85}
2011-04-30 12:37 . 2011-04-30 12:37	--------	d-----w-	c:\program files\MinecraftAlpha
2011-04-30 12:11 . 2011-05-01 12:57	--------	d-----w-	c:\users\Andi\AppData\Roaming\.minecraft
2011-04-27 17:12 . 2011-04-27 17:35	--------	d-----w-	c:\users\Andi\AppData\Roaming\muvee Technologies
2011-04-27 17:10 . 2011-04-27 17:10	--------	d-----w-	c:\program files\muvee Technologies
2011-04-27 17:09 . 2011-04-27 17:11	--------	d-----w-	c:\program files\Common Files\muvee Technologies
2011-04-27 17:06 . 2011-04-27 17:12	--------	d-----w-	c:\programdata\muvee Technologies
2011-04-24 14:43 . 2011-04-24 14:43	--------	d-----w-	c:\users\Andi\AppData\Local\{6F844C49-CC63-49E2-AD07-739B3F072E3D}
2011-04-23 12:11 . 2011-04-23 12:11	--------	d-----w-	c:\users\Andi\AppData\Local\{5F85E6C5-7370-409B-B5B1-1D547582EBFD}
2011-04-22 20:42 . 2011-05-13 18:35	--------	d-----w-	c:\program files\ICQ6Toolbar
2011-04-22 20:42 . 2011-04-22 20:44	--------	d-----w-	c:\programdata\ICQ
2011-04-22 20:41 . 2011-05-09 16:11	--------	d-----w-	c:\users\Andi\AppData\Roaming\ICQ
2011-04-22 20:41 . 2011-05-05 15:03	--------	d-----w-	c:\program files\ICQ7.5
2011-04-22 11:46 . 2011-04-22 11:47	--------	d-----w-	c:\users\Andi\AppData\Local\{5CA395DE-4DF3-43C1-8C31-DB17426ACA9C}
2011-04-22 11:31 . 2011-04-22 11:32	--------	d-----w-	c:\program files\CamStudio
2011-04-20 21:24 . 2011-04-20 21:24	--------	d-----w-	c:\users\Andi\AppData\Local\{FA3A1B81-1708-4FFC-871B-4B3FA103EB8E}
2011-04-19 19:29 . 2011-04-19 19:30	--------	d-----w-	c:\users\Andi\AppData\Local\{5E923C56-47D8-4CF6-9765-6BB32FBBF3D4}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 18:15 . 2009-12-26 10:31	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-05-06 13:34 . 2010-11-13 16:20	5642	--sha-w-	c:\programdata\KGyGaAvL.sys
2011-04-05 19:19 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-23 15:08 . 2010-05-16 10:20	3528024	----a-w-	c:\windows\RXSUnins.exe
2011-03-23 15:08 . 2010-05-16 10:20	3528024	----a-w-	c:\windows\RXCUnins.exe
2011-03-17 17:58 . 2010-01-01 16:22	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-11 05:40 . 2011-04-15 13:36	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-15 13:36	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-08 05:38 . 2011-04-15 13:36	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-15 13:52	132608	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-15 13:52	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-15 13:45	2331136	----a-w-	c:\windows\system32\win32k.sys
2011-02-24 05:32 . 2011-04-15 13:44	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-15 13:52	981504	----a-w-	c:\windows\system32\wininet.dll
2011-02-24 05:30 . 2011-04-15 13:52	44544	----a-w-	c:\windows\system32\licmgr10.dll
2011-02-24 04:23 . 2011-04-15 13:52	386048	----a-w-	c:\windows\system32\html.iec
2011-02-24 03:50 . 2011-04-15 13:52	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-02-23 05:06 . 2011-04-15 13:52	311296	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-15 13:52	309760	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-15 13:52	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-15 13:36	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-15 13:36	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-15 13:36	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-15 13:36	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-02-21 18:08 . 2011-01-30 15:11	0	----a-w-	c:\users\Andi\AppData\Local\Ubogakipipadaxuv.bin
2011-02-19 05:33 . 2011-03-09 16:27	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 16:27	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 16:27	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-04-15 13:52	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-15 13:52	294912	----a-w-	c:\windows\system32\atmfd.dll
2011-02-18 05:36 . 2011-04-15 13:52	428032	----a-w-	c:\windows\system32\vbscript.dll
2008-12-23 12:36 . 2008-12-23 12:36	106496	----a-w-	c:\program files\Common Files\CPInstallAction.dll
.
.
------- Sigcheck -------
.
[7] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\System32\beep.sys
.
c:\windows\System32\drivers\beep.sys ... Fehlt !!
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17	1487240	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-19 3261688]
"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2010-01-13 686344]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-28 322352]
"Meebo Notifier"="c:\users\Andi\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-07-14 818888]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-05-01 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-12-29 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-03-31 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-09-30 851968]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-12-25 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-12-25 47672]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_16_Download-Version\TrayServer.exe" [2008-08-07 90112]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-06-26 105632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-30 762208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 ASUSRDVDService;ASUSRDVD Service;c:\program files\ASUS\AI Recovery\ServiceSimple2.exe [2008-12-03 109112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;d:\i386\AsProcOb.sys [x]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-12-25 115560]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2011-05-11 3590488]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-20 984064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-16 c:\windows\Tasks\Norton Security Scan for Andi.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-22 07:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/sk27211/
uInternet Settings,ProxyOverride = *.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-{2FD4436C-35CE-82F6-3A79-695BE8991817} - c:\users\Andi\AppData\Roaming\Fegyo\suohe.exe
HKCU-Run-{8D69C444-C59B-509E-28CD-81A8013FB9FC} - c:\users\Andi\AppData\Roaming\Polar\mili.exe
HKCU-Run-Jfafaquh - c:\users\Andi\AppData\Local\odakelikufev.dll
AddRemove-(smiley) 1.00 - c:\program files\ICQ6.5\Packages\Uninstall.exe
AddRemove-Gemalt 2 1.00 - c:\program files\ICQ6.5\Packages\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.DLL
.
- - - - - - - > 'Explorer.exe'(3996)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\RunDll32.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-16  20:30:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-16 18:30
.
Vor Suchlauf: 15 Verzeichnis(se), 206.474.665.984 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 205.994.487.808 Bytes frei
.
- - End Of File - - 4B5A7C40D916DF4084FD3931DDB539B3

Antwort

Themen zu windows security alert trojaner virus
akamai, avira, bho, bonjour, desktop, desktop symbole weg, downloader, email, error, firefox, flash player, logfile, mozilla, object, problem, realtek, registry, security, server, software, symantec, trojaner, trojaner - windows security alert, trojaner virus, virus, windows, windows 7, windows security, windows security alert


« TR/Kazy.mekml.1 JAVA Virus? | TR/ATRAPS/Gen2 wie sicher sein das er wirklich weg ist? »


Ähnliche Themen: windows security alert trojaner virus


  1. Windows Security Alert Trojaner
    Log-Analyse und Auswertung - 17.05.2011 (16)
  2. Windows Security Alert - Trojaner?
    Log-Analyse und Auswertung - 18.04.2011 (4)
  3. Virus - Windows Security Alert
    Plagegeister aller Art und deren Bekämpfung - 22.02.2011 (26)
  4. AntiVirus Software Alert / Windows Security Alert
    Plagegeister aller Art und deren Bekämpfung - 15.01.2011 (19)
  5. Windows Security Alert / AV Security Suite / Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (1)
  6. Meldung Windows Security Alert / AV Security Suite / Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 17.09.2010 (26)
  7. Windows Security Alert / AV Security Suite / Antivirus Software Alert / gefakter AV lähmt PC
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (3)
  8. Malware / Virus / Trojaner - "Windows Security Alert / Security Suite"
    Plagegeister aller Art und deren Bekämpfung - 31.08.2010 (11)
  9. selbe problem mit Windows Security Alert - Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 15.08.2010 (3)
  10. Windows Security Alert / AV Security Suite / Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (21)
  11. Windows Security Alert / AV Security Suite / Antivirus Software Alert// Ohne Internet
    Plagegeister aller Art und deren Bekämpfung - 21.07.2010 (1)
  12. Windows Security Alert Virus - Kein Neuaufsetzen des Systems möglich!
    Plagegeister aller Art und deren Bekämpfung - 12.02.2010 (1)
  13. Windows Security Alert Virus - Neuaufsetzen des Systems nicht möglich!
    Plagegeister aller Art und deren Bekämpfung - 25.01.2010 (7)
  14. system alert, windows security alert und fremde antiviren programme
    Plagegeister aller Art und deren Bekämpfung - 01.01.2010 (51)
  15. Windows Security Alert Trojaner~
    Log-Analyse und Auswertung - 11.11.2008 (9)
  16. Hilfe! Spyware / Virus / Trojaner: "Windows Security Alert"
    Plagegeister aller Art und deren Bekämpfung - 05.06.2008 (1)
  17. Spyware, fieser Virus-Windows Security Alert
    Plagegeister aller Art und deren Bekämpfung - 04.04.2008 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema windows security alert trojaner virus - hier der LOG: Code: Alles auswählen Aufklappen ATTFilter ComboFix 11-05-16.01 - Andi 16.05.2011 19:45:34.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2013.623 [GMT 2:00] ausgeführt von:: c:\users\Andi\Documents\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* - windows security alert trojaner virus...
Archiv
Du betrachtest: windows security alert trojaner virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131